The federal Health Insurance Portability and Accountability Act (HIPAA) mandates privacy protections for individually identifiable health information.
In response to the HIPAA privacy mandate, the federal Department of Health and Human Services (HHS) established national standards for the protection of health information by covered entities who conduct certain health care transactions electronically. By the statutory compliance date of April 14, 2003, covered entities must implement these privacy standards to protect and guard against the misuse of individually identifiable health information.
With regard to public education compliance with HIPAA, the Arkansas Department of Education (ADE) has determined that Arkansas local education agencies (LEAs) are covered entities under HIPAA for purposes of compliance with federal requirements pertaining to electronic transactions.
The ADE has further determined that HIPAA privacy standards, in general, do not apply to Arkansas LEAs. This is based on the HHS definition of protected health information that specifically excludes education records (including student health information) covered by the federal Family Educational Rights and Privacy Act (FERPA).
In the implementation of FERPA for Arkansas schools, ADE Special Education Regulation 2.13.1 broadly defines educational records as those records, files, documents, and other materials which contain information directly related to the student and are maintained by an LEA or by a person acting on behalf of the LEA.
While LEAs are not directly impacted by the April 14, 2003 HIPAA privacy compliance date, school legal and administrative personnel are encouraged to take this opportunity to review school policies and procedures relating to FERPA records privacy compliance.
For additional information on HIPAA and Arkansas public schools, go to http://arksped.k12.ar.us/ and download the document available after clicking on the “Recent Medicaid Updates” link.